kind: ServiceAccount
apiVersion: v1
metadata:
  name: app1-account
---
kind: ServiceAccount
apiVersion: v1
metadata:
  name: app2-account
---
apiVersion: v1
kind: Service
metadata:
  name: app1-service
spec:
  ports:
  - name: http
    port: 80
    protocol: TCP
  - name: tftp
    port: 69
    protocol: UDP
  selector:
    id: app1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app1
spec:
  selector:
    matchLabels:
      id: app1
      zgroup: testapp
  replicas: 1
  template:
    metadata:
      labels:
        id: app1
        zgroup: testapp
    spec:
      serviceAccountName: app1-account
      terminationGracePeriodSeconds: 0
      containers:
      - name: web
        image: docker.io/cilium/demo-httpd:1.0
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
        readinessProbe:
          httpGet:
            path: /
            port: 80
      - name: udp
        image: quay.io/cilium/echoserver-udp:v2020.01.30
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 69
          protocol: UDP
      nodeSelector:
        "cilium.io/ci-node": k8s1
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app2
spec:
  selector:
    matchLabels:
      id: app2
      zgroup: testapp
      appSecond: "true"
  replicas: 1
  template:
    metadata:
      labels:
        id: app2
        zgroup: testapp
        appSecond: "true"
    spec:
      serviceAccountName: app2-account
      terminationGracePeriodSeconds: 0
      containers:
      - name: app-frontend
        image: quay.io/cilium/demo-client:1.0
        imagePullPolicy: IfNotPresent
        command: [ "sleep" ]
        args:
          - "1000h"
      # We want the two pods to be on separate nodes, the egress custom tail
      # call hook for socket-based load-balancing is not supported yet.
      nodeSelector:
        "cilium.io/ci-node": k8s2
---
apiVersion: v1
kind: Pod
metadata:
  name: bytecounter-compiler
spec:
  containers:
  - name: cilium-builder
    image: quay.io/cilium/cilium-builder:c10fbd1c46cc87cd7816b4d585e91e889f8ad84b@sha256:952c13f49a43e472540c3845b4ba796fba4d7f234806c07a556b04a36535a4e3
    workingDir: /cilium
    command: ["/bin/sh", "-c"]
    args:
      - "git config --global --add safe.directory /cilium; sleep infinity"
    securityContext:
      privileged: true
    volumeMounts:
      - mountPath: /sys/fs/bpf
        name: bpf-maps
      - mountPath: /cilium
        name: cilium-src
  volumes:
  - hostPath:
      path: /sys/fs/bpf
      type: DirectoryOrCreate
    name: bpf-maps
  - hostPath:
      path: /home/vagrant/go/src/github.com/cilium/cilium
      type: Directory
    name: cilium-src
  # We need the following toleration overwrite because the pod is used with
  # Cilium uninstalled, so the network isn't ready.
  tolerations:
  - key: "node.kubernetes.io/not-ready"
    operator: "Exists"
  - key: "node.kubernetes.io/unreachable"
    operator: "Exists"
  hostNetwork: true
  nodeSelector:
    "cilium.io/ci-node": k8s2
